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Claims 

What is claimed is: 

[cl] An apparatus to unblock a security device issued to an end user, comprising: 
an unblocking service for establishing a secure gateway; 

a client-side applet for securely transferring information among the unblocking 

service, the end user, and the security device; and 
an agent-side applet for securely transferring information between the unblocking 

service and a security agent. 

[c2] The apparatus of claim 1, wherein the security agent unblocks the security device 
from a remote location. 

[c3] The apparatus of claim 1, wherein an end user identifier and a password pair is 
presented by the end user for the client-side applet to connect to the unblocking 
service. 

[c4] The apparatus of claim 1, wherein an authentication process is performed for 
every transfer between the client-side applet and the unblocking service. 

[c5] The apparatus of claim 1 , wherein the end user is remote. 

[c6] The apparatus of claim 1, wherein the security device is a smart card. 

[c7] The apparatus of claim 1, wherein the apparatus is accessible via a web interface. 

[c8] The apparatus of claim 3, wherein the end user identifier is an e-mail address. 
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[c9] The apparatus of claim 1, further comprising: 

an Unblock Authorization Code (UAC) securely transferred from the agent-side 

applet and the client-side applet to the unblocking service; and 
an Unblock Code (UBC) securely transferred from the unblocking service to the 

client-side applet; 

wherein, the client-side applet uses the UBC to unblock the security device. 

[clO] The apparatus of claim 9, further comprising: 

the client-side applet set to check at a configurable frequency for determining that 
the UAC is generated. 

[ell] The apparatus of claim 9, wherein the UAC is accepted upon correlation of an end 
user identifier and a security device identifier. 

[cl2] The apparatus of claim 11, wherein the security device identifier is a serial 
number. 

[cl3] The apparatus of claim 11, wherein the end user identifier is an e-mail address. 

[cl4] The apparatus of claim 9, wherein the UBC is provided by the unblocking service 
to the client-side applet after correlation of an end user identifier, a password pair, 
and a security device identifier. 

[cl5] The apparatus of claim 14, wherein the security device identifier is a serial 
number. 

[cl6] The apparatus of claim 14, wherein the end user identifier is an e-mail address. 
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[cl7] An apparatus to unblock a security device issued to an end user, comprising: 
an unblocking service for establishing a secure gateway; 

a client-side applet for securely transferring information among the unblocking 

service, the end user, and the security device; 
an agent-side applet for securely transferring information between the unblocking 

service and a security agent; 
an Unblock Authorization Code (UAC) securely transferred from the agent-side 

applet and the client-side applet to the unblocking service; 
an Unblock Code (UBC) securely transferred from the unblocking service to the 

client-side applet; and 
the client-side applet set to check at a configurable frequency for determining that 

the UAC is generated; 
wherein, the client-side applet uses the UBC to unblock the security device. 

[cl8] A method of unblocking a security device issued to an end user by a security 
agent, comprising: 

establishing a secure gateway by an unblocking service; 

transferring information among the unblocking service, the end user, and the 
security device by a client-side applet in a secure manner; and 

transferring information between the unblocking service and the security agent by 
an agent-side applet in a secure manner. 

[cl9] The method of claim 18, wherein the security agent unblocks the security device 
from a remote location. 

[c20] The method of claim 18, wherein the end user is remote. 

[c21] The method of claim 13, wherein the security device is a smart card. 
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[c22] The method of claim 1 8, further comprising: 

presenting an end user identifier and a password pair by the end user for the client- 
side applet to connect to the unblocking service. 

[c23] The method of claim 18, further comprising: 

performing an authentication process for every transfer between the client-side 
applet and the unblocking service. 

[c24] The method of claim 1 8, further comprising: 

transferring an Unblock Authorization Code (UAC) securely from the agent-side 

applet to the unblocking service; 
supplying the UAC to the end user by the security agent; 
applying the UAC to the client-side applet by the end user; 

transferring the UAC securely from the client-side applet to the unblocking 
service; 

verifying the UAC transferred by the client-side applet and the agent-side applet 

match through the unblocking service; 
transferring an Unblock Code (UBC) securely from the unblocking service to the 

client-side applet; and 
unblocking the security device by the client-side applet using the UBC. 

[c25] The method of claim 24, further comprising: 

checking at a configurable frequency to determine if the UAC is generated by a 
client-side applet . 

[c26] The method of claim 24, further comprising: 

correlating an end user identifier and security device identifier prior to acceptance 
of the UAC. 
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[c27] The method of claim 24, further comprising: 

providing the UBC by the unblocking service to the client-side applet after 
correlation of an end user identifier, a password pair, and a security device 
identifier. 

[c28] A method of unblocking a security device issued to an end user by a security 
agent, comprising: 

establishing a secure gateway by an unblocking service; 

transferring information among the unblocking service, the end user, and the 
security device by a client-side applet in a secure manner; 

transferring information between the unblocking service and the security agent by 
an agent-side applet in a secure manner; 

presenting an end user identifier and a password pair by the end user for the client- 
side applet to connect to the unblocking service; 

performing an authentication process for every transfer between the client-side 
applet and the unblocking service; 

transferring an Unblock Authorization Code (UAC) securely from the agent-side 
applet to the unblocking service; 

supplying the UAC to the end user by the security agent; 

applying the UAC to the client-side applet by the end user; 

transferring the UAC securely from the client-side applet to the unblocking 
service; 

verifying the UAC transferred by the client-side applet and the agent-side applet 

match through the unblocking service; 
transferring an Unblock Code (UBC) securely from the unblocking service to the 

client-side applet; 

unblocking the security device by the client-side applet using the UBC; 
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checking at a configurable frequency to determine if the UAC is generated by the 
client-side applet; 

correlating the end user identifier and a security device identifier prior to 

acceptance of the UAC; and 
providing the UBC by the unblocking service to the client-side applet after 

correlation of the end user identifier, the password pair, and the security 

device identifier. 

[c29] A method of unblocking a security device issued to an end user using a security 
agent, comprising: 

gathering information from the end user and the security device; 

verifying the information gathered from the end user and the security device; 

contacting the security agent by the end user; 

supplying end user information verbally to the security agent; 

verifying identity of the end user by the security agent using an identity 

verification mechanism 
generating an Unblock Authorization Code (UAC) by an agent-side applet; 
delivering the UAC to an unblocking service by the agent-side applet; 
storing the UAC against a security device record in a directory service; 
supplying the UAC from the security agent to the end user; 
applying the UAC to the client-side applet by the end user; 
delivering the UAC securely from the client-side applet to the unblocking service; 
verifying the UAC of the client-side applet and the agent-side applet match 

through the unblocking service; 
requesting an Unblock Code (UBC) from the directory service; 
unblocking the security device by transferring the UBC from the directory service 

to the client-side applet. 
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[c30] The method of claim 29, wherein the security device identifier is a serial number. 

[c31] The method of claim 29, wherein the end user identifier is an e-mail address. 

[c32] The method of claim 29, further comprising: 

gathering information from the end user using the client-side applet; and 
gathering information from the security device using the client-side applet. 

[c33] The method of claim 29, further comprising: 

generating a new UBC by the client-side applet; 
setting the security device to the new UBC; and 
delivering the new UBC to the directory service. 

[c34] The method of claim 29, further comprising: 

verifying the security device is not already permanently blocked. 

[c35] A method of unblocking a security device issued to an end user using a security 
agent, comprising: 

gathering information from the end user and the security device; 
verifying the information gathered from the end user and the security device; 
contacting the security agent by the end user; 
supplying end user information to the security agent; 

verifying identity of the end user by the security agent using an identity 

verification mechanism; 
generating an Unblock Authorization Code (UAC) by an agent-side applet; 
transferring the UAC to an unblocking service; 

storing the UAC against a security device record in a directory service; 
transferring the UAC to an unblocking service by the agent-side applet; 
storing the UAC against a security device record in a directory service; 
supplying the UAC from the security agent to the end user; 
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applying the UAC to the client-side applet by the end user; 

delivering the UAC securely from the client-side applet to the unblocking service; 

verifying the UAC transferred by the client-side applet and the agent-side applet 

match through the unblocking service; 
requesting an Unblock Code (UBC) from the directory service; 
unblocking the security device by transferring the UBC from the directory service 

to the client-side applet; 
gathering information from the end user using the client-side applet; 
gathering information from the security device using the client-side applet; 
generating a new UBC by the client-side applet; 
setting the security device to the new UBC; 
delivering the new UBC to the directory service; and 
verifying the security device is not already permanently blocked. 

[c36] A computer system adapted to unblock a security device issued to an end user, 
comprising: 
a processor; 
a memory, and 

software instructions for enabling the computer under control of the processor, to 

establish a secure gateway by an unblocking service; 
transfer information among the unblocking service, the end user, and the security 

device by a client-side applet in a secure manner; 
transfer information between the unblocking service and a security agent by an 

agent-side applet in a secure manner; 
transfer an Unblock Authorization Code (UAC) securely from the agent-side 

applet and the client-side applet to the unblocking service; 
transfer an Unblock Code (UBC) securely from the unblocking service to the 

client-side applet; and 
unblock the security device by the client-side applet using the UBC. 
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[c37] An apparatus for unblocking a security device issued to an end user using a 
security device, comprising: 

means for establishing a secure gateway by an unblocking service; 

means for transferring information among the unblocking service, the end user, 

and the security device by a client-side applet in a secure manner; 
means for transferring information between the unblocking service and a security 

agent by an agent-side applet in a secure manner; 
means for transferring an Unblock Authorization Code (UAC) securely from the 

agent-side applet and the client-side applet to the unblocking service; 
means for transferring an Unblock Code (UBC) securely from the unblocking 

service to the client-side applet; and 
means for unblocking the security device by the client-side applet using the UBC. 
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